WooThemes: fraudulent activities on customers’ credit cards

Here is the advice I have received from WooThemes. If you have also purchased some plugins for WooCommerce from WooThemes (not ThemeForest), you should check orders placed on your credit card.

--- Begin message ---
Over the past 3 days we have had a handful of reports of fraudulent activities on customers’ credit cards. We take these matters very seriously and immediately investigated each case to try and determine any pattern and the severity of any potential breach.

It must be made clear that we do not store any credit card details on our site, nor does WooCommerce, which makes this investigation that much more difficult to pinpoint.

Steps we’ve taken:

We contacted Sucuri who have conducted a code & security audit
We requested a full review by our host and payment gateway
We updated our SSL certificate
As a precautionary measure we changed our payment gateway to a completely offsite payment method – being PayPal Express.

Sucuri discovered 3 modified files on our server pointing towards an attack. It cannot be said this is the reason for any leaked credit card information, and investigations continue.

To be on the safe side we urge all customers to check their cards for any fraudulent activity and let both us and your bank know if you discover any unusual charges.

We realise every word will be scrutinised in any official response from us, as will the timing of our communication. We apologise for any inconvenience or panic caused. Our team are working as fast as humanly possible to get to the bottom of this and we will update you with any further news as soon as we have any.

Please contact us if you have any questions.
--- End of message ---

NOTE: THIS IS NOT LEGAL ADVICE. I just want to notify users of such services.

Please pay attention to this – we were called by our bank a few days ago, around a week after purchasing a WooThemes plugin. They’d picked up on a test transaction made abroad and blocked all our company cards, which has left us up shit creek for the last week or so as we’ve been unable to pay online invoices.